IAAL: Peer-to-peer file sharing and copyright law after Napster

[March 9, 2001]

von Lohmann, Fred
.

Copyright (c) 2001 Electronic Frontier Foundation

Abstract: As the Napster saga illustrates, the future of peer-to-peer file-sharing is entwined, for better or worse, with copyright law. The legal fights have already broken out, with copyright owners targeting not only the makers of file-sharing clients like Napster and Scour, but also companies that provide products that rely on or add value to public P2P networks, such as MP3Board.com, which provides a web-based search interface for the Gnutella network. The fight has only just begun. If these early skirmishes yield any lesson for future P2P developers, it''s that a legal strategy needs to be in place early, preferably at the beginning of development, rather than bolted on at the end. As a result, if you are interested in peer-to-peer file sharing, whether as a developer, investor, or provider of ancillary services (such as search services or security), it''s time to bone up on some copyright law basics.

Contributory and Vicarious Infringement

The central copyright law concepts that P2P developers must grapple with are the doctrines of contributory and vicarious copyright infringement. These are so-called "indirect" or "secondary" theories of copyright liability that can hold a software maker or system developer liable for the infringing activities of end-users. In a widely-used public peer-to-peer file-sharing environment, it is a virtual certainty that at least some end-users will engage in infringing activity. By invoking contributory and vicarious copyright infringement, copyright owners have been seeking to hold P2P tool-makers (like Napster and Scour) responsible for these infringing end-user activities. Consequently, an uding of these two copyright doctrines can be crucial if P2P developers wish to limit their vulnerability to copyright liability.

Contributory infringement is similar to "aiding and abetting" liability: one who knowingly contributes to another's infringement can be held accountable. In order to prove a contributory infringement claim, a copyright owner must establish the following elements: (1) some act of direct infringement (by end-users, for example); (2) that the defendant knew or should have known of the defendant of the direct infringement; and (3) that the defendant materially contributed to the direct infringement.

A person will be liable for vicarious infringement if he has the right and ability to supervise infringing activity and also has a direct financial interest in such activities. In order to prove a vicarious infringement claim, a copyright owner must establish the following elements: (1) some act of direct infringement (by end-users, for example); (2) that the defendant had the right or ability to control the direct infringer; and (3) that the defendant derived a direct financial benefit from the direct infringement.

The recent decision by the Ninth Circuit in the Napster case is the first case involving the application of contributory and vicarious liability to a peer-to-peer file sharing system. In the course of ruling against Napster, the court interpreted both contributory and vicarious infringement in an expansive way. With respect to contributory infringement, the court ruled that, after receiving notice from a copyright owner that a work is being shared on its system without authorization, Napster has a duty to take reasonable steps (including implementing technical changes to its system) to prevent further distribution of the work. This ruling creates the potential that once a P2P developer receives a "cease and desist" letter from a copyright owner, he or she must "do something" (including making changes to the system architecture) to stop the infringement, or else face liability.

With respect to vicarious infringement, the Napster court radically diluted both the "control" and "financial benefit" elements that a copyright owner must prove. First, the court found that the mere ability to terminate user accounts or block user access to the system was enough to constitute "control." This may expose a wide variety Internet-based services to potential liability, as most services retain the right to terminate users. Second, the Napster court found that "financial benefit exists where the availability of infringing material acts as a draw for customers." Once again, this is not difficult to prove in an Internet economy characterized by business models premised on attracting large numbers of users.

In addition, the Ninth Circuit's view of vicarious infringement liability creates a strong incentive to monitor the conduct of users. This stems from the fact that knowledge is not required for vicarious infringement liability; a person can be a vicarious infringer even if they are completely unaware of infringing activity. As a result, if you exercise control over direct infringers and derive a benefit from their activities, you remain ignorant of their conduct at your own risk. In the words of the Napster court, "the right to police must be exercised to the fullest extent. Turning a blind eye to detectable acts of infringement for the sake of profit gives rise to liability."

Potential Defenses

A P2P developer may be able to mount certain legal defenses to a claim of contributory or vicarious infringement. These defenses may include the following:

No Direct Infringer ("All of My Users are Innocent Fair Users"): The chief difficulty with
this defense is that it can be difficult to ensure that every end-user is engaged in fair
use.

The Sony Betamax Defense ("Capable of substantial noninfringing uses"): Until the recent
Napster decision, this was perhaps the most promising defense. In light of the Ninth Circuit's
interpretation of this defense in the Napster opinion, however, it may be of limited value
once you receive a "cease and desist" letter from a copyright owner.

The DMCA Section 512 "safe harbors": These may provide a defense for certain systems (such as search engines or ISPs) that satisfy the stringent statutory prerequisites that apply to the safe harbors.

Because basic architecture decisions may influence a system's eligibility for these defenses, a P2P developer would be wise to consider the limits of each defense in evaluating the legal risks posed by any particular system design.

Guidelines for P2P Developers

A few general guidelines for P2P developers can be derived from an analysis of contributory and vicarious copyright infringement principles discussed above. Each guideline is discussed in further detail at the close of this white paper.

* Acronym for "I am a lawyer," to distinguish from the common "IANAL" ("I am not a lawyer") that appears on Slashdot and other online forums.~Fred von Lohmann is an attorney working as a visiting researcher with the Berkeley Center for Law & Technology, a research center associated with the Boalt Hall School of Law at UC Berkeley. His current research is focused on the impact of peer-to-peer technologies on the future of copyright. He also continues to maintain a relationship with Morrison & Foerster LLP (www.mofo.com), where prior to joining the Center he was an associate with a practice concentrated on transactions and counseling involving copyright, the Internet, and information technology. His primary legal interests lie at the intersection of copyright law and the Internet, including issues relating to online music distribution and the application of the Digital Millennium Copyright Act ("DMCA") to Internet businesses. He has worked with a variety of Internet clients, including Yahoo!, Verio, Myplay, Riffage, Voquette, iUniverse.com, SpikeRadio and NBCi.~Permission to reproduce and distribute this paper is freely given, provided that such activities are for noncommercial purposes and include attribution to the author. All other rights reserved. Contact the author at fred@vonLohmann.com for all other permissions.